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This note is a stripped down version of a published paper on the Potts partition 
function, where we concentrate solely on the linear coding aspect of our approach. 
It is meant as a resource for people interested in coding theory but who do not know 
much of the mathematics involved and how quantum computation may provide a 
speed up in the computation of a very important quantity in coding theory. We 
provide a theorem on the quantum computation of the Weight Enumerator polyno- 
mial for a restricted family of cyclic codes. The complexity of obtaining an exact 
evaluation is 0(k 2s (log q) 2 ), where s is a parameter which determines the class of 
cyclic codes in question, q is the characteristic of the finite field over which the code 
is defined, and k is the dimension of the code. We also provide an overview of cy- 
clotomic cosets and discuss applications including how they can be used to speed 
up the computation of the weight enumerator polynomial (which is related to the 
Potts partition function). We also give an algorithm which returns the coset leaders 
and the size of each coset from the list {0, 1,2,... , N — 1}, whose time complexity is 
soft-O(iV). This algorithm uses standard techniques but we include it as a resource 
for students. Note that cyclotomic cosets do not improve the asymptotic complexity 
of the computation of weight enumerators. 
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I. INTRODUCTION 



There have been many quantum algorithms applied to problems of interest to mathematical 
scientists, including the famous Shor's algorithm for prime factorization approximations 
of the Jones polynomial 
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22i | , approximations of the Tutte polynomial [20J and algorithms 



for Gauss sums and Zeta functions 



8. 



2 II ]. In this paper we give an algorithm for the 
evaluation of another variant of the Tutte polynomial, the weight enumerator polynomial for 
classical codes, which is of interest to people in the engineering sciences and other branches 
of applied mathematics. In particular, we use an approach recently outlined in [3| to allow 
quantum computers to return the exact weight enumerator polynomial for a certain restricted 
subset of linear codes. It relies on a quantum oracle that is able to run an algorithm for 

n 

discrete log (as in [15() and an algorithm for the estimation of Gauss sums (or Zeta functions) 



which is known to be as computationally hard as the evaluation of discrete log [8j. 

Cyclotomic cosets are a partition of the list {0, 1, 2, . . . , N— 1} into m unique subsets. While 
doing research at the intersection of classical coding theory and statistical physics, one of 
the authors found that if one knew one element from each coset and the size of each coset, 
i.e., the number of members in that coset, then certain instances of a hard problem became 
computationally easier. Specifically, one is able to obtain the exact partition function for 
the Potts model over a specific family of graphs if one had access to a quantum oracle 3|. 
This was due to certain algebraic symmetries that a function that we needed to compute 
had, i.e., Gauss sums, which we review. This author also found that there was a lack of 
literature on computing cyclotomic cosets. (Note that 2| does provide a computational tool 
for finding cyclotomic cosets.) Here we provide a classical algorithm for the computation 
of an element from each set, the so called coset leader or coset representative, and also the 
number of elements in each coset. The complexity of the algorithm is O(N). 

We also present a theorem on the exact evaluation of the weight enumerator polynomial for 
a certain family of codes using quantum computation. This theorem is actually a stripped 
down version of the main theorem presented in Q|, i.e., with no mention of statistical physics. 
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II. CYCLOTOMIC COSETS 



Let S = {0,1,2, . . . , N — 1} and let p be prime such that gcd(iV, p) = 1. The p-cyclotomic 
cosets of this set is given by the collection of subsets 

{0}, {l,P,p 2 , ■ ■ • ,p r }, • • • , {a,ap,ap 2 , . . .,ap s } 

where elements are computed mod N and s is the minimal exponent such that a(p s — 1) = 
mod N i.e. s is the smallest integer before one begins to get repeats in the coset. (The same 
is true for r.) 

As an example consider N = 16 and p = 3. One obtains 

{0}, {1, 3, 9, 11}, {2, 6}, {4, 12}, {5, 15, 13, 7}, {8}, {10, 14}. 

One sees that this defines an equivalence relation, i.e., for g, f 6 S we have that g ~ / if 
9 = f ' P l mod N for some I. Each equivalence class in known as a cyclotomic coset or 
class and referred to as Cj where j is the coset leader, i.e., the smallest coset representative. 
For the example given above we have Co = {0} (as always), C\ = {1,3,9, 11}, C2 = {2,6}, 
C 4 = {4, 12}, C 5 = {5, 15, 13, 7}, C 8 = {8}, and C w = {10, 14}. 



III. APPLICATIONS 



Factorization of X 



N 



We present a few results with no proof. Proofs can be found in [4| . Take p to be prime 



Definition 1 Consider an element a in the finite field extension GF(p l ) of GF(p). The 
minimal polynomial of a is the monic, irreducible polynomial M(x) of least degree such that 
M{a) = 0. 

The following is a classical result and it is an extension of the fact that X p " — X is equal to 
the product of all monic polynomials, irreducible over GF(p) whose degree divides n. The 



4 



idea is that once one has the cyclotomic cosets of S, then one can find a factorization of 
X N — 1 into a product of monic polynomials as well. 

Theorem 2 

M S (X) = J[ X-rj 
is the minimal polynomial of a s over GF(p k ). 

Corollary 3 

X N -l = l[M a (X) 

s 

where s runs over any set of coset representatives modulo N over GF(p). 

The above theorems provide a basis for the factorization of X N — 1 which has applications in 
the theory of error correcting codes. We provide some details in the next section. Detailed 
examples of using cyclotomic cosets for finding factorizations are provided in 4]. 

B. Cyclic Codes 

We go into some detail here for it will be useful background for a recently discovered theorem 
that we include in this paper. Let us recall some definitions from algebra after we define 
linear codes. Take q to be prime or a power of a prime and let F q = GF(g) 

Definition 4 A linear code C is a k dimensional subspace of the vector space F™ and is 
referred to as an [n, k] code. The code is said to be of length n and of dimension k. 

Definition 5 A linear code C is a cyclic code if for any word (co, Ci, . . . ,c n _i) G C, also 
(c„_i,Co,Ci, . . . , c n -2) 6 C. If C contains no subspace (other than 0) which is closed under 
cyclic shifts then it is irreducible cyclic. 



Definition 1 A ring is a set R which is an abelian group (R, +) with as the identity, 
together with (R, x), which has an identity element with respect to x where x is associative. 
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Definition 2 An ideal I is a subset of a ring R which is itself an additive subgroup of (R, +) 
and has the property that when x G R and a G I then xa and ax are also in I. 

Definition 3 A principal ideal is an ideal where every element is of the form ar where 
r G R. 

Thus, a principal ideal is generated by the one element a and a principal ideal ring is a ring 
in which every ideal is principal. 

There is an important isomorphism between powers of finite fields F q and a certain ring of 
polynomials. Let (x n — 1) be the principal ideal in the polynomial ring F g [x] generated by 
x n - 1. 

Therefore the residue class ring F q [x]/(x n — 1) is isomorphic to F™ since it consists of the 
polynomials 

{a + aiX + ■ ■ ■ + a n _ix n ~ 1 \a i G F q , < i < n}. 
Taking multiplication modulo x n — 1 we can make the following identification: 

(a ,a h . . . ,a n _i) G F^ < — > a + a%x H h a„_ix n_1 G F q [x]/(x n - 1). (1) 

This implies the following theorem. 

Theorem 1 A linear code C in F^ is cylic 

Note that F q [x]/(x n — 1) is a principal ideal ring and therefore the elements of every cyclic 
code C are just multiples of g(x), the monic polynomial of lowest degree in C; g(x) is called 
the generator polynomial of C. We see that g{x) divides x n — 1 since otherwise g(x) could 
not be the monic polynomial of lowest degree in C. This is where the factorization of x n — 1 
of the last section becomes important. First let us explain what it means to generate a code 
by making use of a simple relationship between g(x) and a special matrix well known in 
the theory of error correcting codes called the generator matrix. Note that we can write 



C is an ideal in F q [x]/(x n — 1).J4/ 
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g(x) = go + g\X + • • • g n -kX n ■ We then can write the k x n generator matrix of the code as 

( - • • ■ g n -k ■ • • \ 

9n-k-l 9n-k • • • 



#o 9i 
So 



••• 
••• 







9o 9i ■■■ 9n-k J 



In this way, the row space of this matrix is C. 

The previous arguments all point to the fact that if you are able to factorize x n — 1 into 
irreducible polynomials, then you can generate every cyclic code of length n over F q . If 
we can write x n — 1 = W\{x)w2{x) ■ ■ -w t (x) as the decomposition of x n — 1 into irreducible 
factors, then we can generate 2* — 2 different cyclic codes by taking any non-trivial product 
of the factors Wi(x) as the generator polynomial. If for example you take Wi(x) to be the 
generator polynomial, you obtain what is known as a maximal cyclic code and if you choose 
^—rk then you obtain an irreducible cyclic code. It is clear that t is the number of cyclotomic 
cosets modulo n. We mention one more definition pertinent to coding theory as we shall 
need it to understand another application of cyclotomic cosets. 

Definition 6 Let C be a linear code of length n and let A\ be the number of vectors in C 
having i non-zero entries (Hamming weight of i) . Then the weight enumerator of C is the 
bi-variate polynomial 

n 

A(x,y) = J2 A iX n ~ l y l - 

i=0 



The set {Ai} is called the weight spectrum of the code. 



Associated with any [n, k] linear code C is its [n, n — k] dual code C ± . The relation between 
the weight enumerator A of a code C over the field F q k, and the weight enumerator A 1 - of 



the dual code C ± is given by the MacWilliams identity 



121: 



A L (x, y) = q~ k2 A {y-x,y + {q k - l)x) . 



(2) 



The computation of the weight enumerator polynomial is known to be a ^P-hard problem 
6|, [7|. This should not be surprising as the weight enumerator is an instance of the Tutte 
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polynomial (as is the Jones polynomial from knot theory and the Potts partition function) 
6|. In the next subsection we come to an overview of our last application, namely the com- 
putation of the weight enumerator polynomial. In Q|, cyclotomic cosets provide a speed 
up in the computation of the partition function for the Potts model. Given the above rela- 
tionship between the weight enumerator and the partition function, it is of no surprise that 
cyclotomic cosets provide a practical speed up in the evaluation of both of these functions. 
Again, the use of cyclotomic cosets provides no speed up asymptotically. 



1. The Computation of Weight Enumerators for Irreducible Cyclic Codes 



We now briefly introduce characters over finite fields and Gauss sums as this will provide 
a vital link between quantum computation and the weights of words in a certain subset 
of the set of all irreducible cyclic codes. From here one will be able to see a very useful 
application of cyclotomic cosets. Ultimately, we wish to provide a quantum algorithm for 
the exact evaluation of the weight enumerator for a restricted class of codes by making use 

n n 

of a quantum algorithm for Gauss sums |8j. This result is presented in [3| but in the guise of 
evaluating the Potts partition of statistical physics. Here we make no mention of the Potts 
model and concentrate on the coding theoretic aspect but provide a less detailed treatment. 

Given a field F q k, there is a multiplicative and additive group associated with it. Namely, 
the multiplicative group is F* fe = F q k \ and the additive group is F q k itself. Associated with 
each group are canonical homomorphisms from the group to the complex numbers, named 
the additive and multiplicative characters. The multiplicative character \ is a function of 
the elements of F* fe and the additive character is a function of F q k and is parameterized by 
P e F q k. 

Definition 7 Let ep and Xj be an additive and multiplicative character respectively. Then 
the Gauss Sum G(xj^ e /3) ^ s defined as: 

G(Xj,ep) = Yl Xj{x)e p {x). (3) 
xeF* 
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A Gauss sum is then a function of the field F q k } the multiplicative character x an d the 
parameter f3, and can always be written as 

G Fqk ( X ,(3) = ^\ (4) 

where 7 is a function of % and (3. It is in general quite difficult to find the angle 7. The 
complexity of estimating this quantity via classical computation is not known but it can be 
shown it is equivalent in complexity to evaluating discrete log [8j. 

There is a trace function over finite fields that we now define. 

Definition 8 Let q be prime, k a positive integer, and let F q k be the finite field with q k — 1 
non-zero elements. The trace is a mapping Tr : F q k *—>■ F q and is defined as follows. Let 
£ G F q k . Then 

fc-i 

TV(0 = E^- ( 5 ) 

j=0 

The canonical form of an additive character is given by 

e p (a) = e 2 ™/^^) 
and the canonical form of a multiplicative character is given by 

where any non-zero element in F q k may be written as a m for some positive integer m, i.e., 
a is the generator of this finite field. 

We deal specifically with irreducible cyclic codes. Let a generate the multiplicative (cyclic) 
group F^ fe = F qk \{0}. 

Theorem 9 Each of the q k words of an [n, k] irreducible cyclic code may be uniquely asso- 
ciated with an element r 6 F^* and may be written as 

(Tr(r), Tr(ra N ), Tr(r« 2iV ), . . . , Tr(ra ( "- 1)JV )), (6) 

where k is the smallest integer such that q k = 1 mod n. 



For a proof of this statement see 



In order to obtain A(x,y) we need to find the weight spectrum {Ai}. One step in this 
direction is the following theorem that connects the weights of irreducible cyclic code words 
to Gauss sums. Let w(x) be the Hamming weight of the code word associated with x G F* fe . 



Theorem 10 (McEliece Formula) Let u>(£) for £ 6 F* fc be the weight of the code word 
given by Eq. (Uj)], let q k = 1 + nN where q is prime and k, n and N are positive integers, 
let d = gcd(iV, (q k — l)/(q — 1)), and let the multiplicative character x be given by x(a) = 
exp(2ni/d), where a generates F* k . (\ is called the character of order d.) Then the weight 
of each word in an irreducible cyclic code is given by 

±1 -v - d- 1 



^) = qJ ^- q i^tm-G^(?A). (7) 



a=l 



For a proof of this see 



The main difficulty in using this theorem is that even estimating Gauss sums is computation- 
ally difficult. Fortunately, it has been shown that this is an application for which quantum 
computers are efficient [8j. Specifically, in order to approximate 7 to within an error e, the 
computational cost is 0(- ■ (log(g fc )) 2 ). 

Let us define the function 



a=l 

This equation is just the expansion of the formula for w(y) where now we take a to be the 
primitive element in F q k (i.e., any element in the field may be written as ct L ). This means that 
if we were able to find the range of S(t) we would have all the weights of the corresponding 
code. Of course, it does look like we have to evaluate an exponential number of words in k, 
the dimension of the code. This is not the case in all situations however and this is where 
cyclotomic cosets will play a role. Note the following proposition. 



Proposition 1 In an [n, k] irreducible cyclic code there are at most N words of different 
non-zero weight where N = (q k — l)/n. 
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Proof. For any irreducible cyclic code we have the relation q k — 1 = nN over the field F q . 
The length of each word is n and any cyclic permutation of a word preserves the Hamming 
weight. Therefore, for each word there are n — 1 other words of equal weight. As there are 
q k — 1 words of non-zero weight, if we assume that every word that does not arise from the 
cyclic permutation of another word is of a different weight, then there are (q k — l)/n words 
of different weight. Being however that there is the possibility of repeats in weight among 
words which are not cyclic permutations of each other, there are at most N different weights. 
■ 

This means that it is in fact N and not n which will determine the complexity of finding 
the weight spectrum {A{\. The first restriction that we make on our codes is that we only 
consider families of codes where N grows polynomially in k. In this way, we may claim that 
our algorithm for the exact evaluation of the weight enumerator is efficient as will be shown 
below. 

It turns out that cyclotomic cosets are a help here. This occurs because each element in a 
given coset has the same value of S(i). This is due to the fact that the mapping x \— > x qJ is a 
permutation of F q k (Frobenius automorphism) and in fact this mapping is an automorphism 
for when q and N are relatively prime [121]. Let us assume that we have all d — 1 Gauss 
sums necessary to compute S(i) (via a quantum computation for example). Let us call these 
Gauss sums A a . We then must convince ourselves that S(g) = S(f) whenever g = fqi for 
some integer j. We have 



is just a permutation of the cyclic group of order d generated by the primitive root of unity, 
i.e., the above mapping is an automorphism. This means that the sum does not change and 
therefore we have that S(g) = S(f). This means that S(l) is invariant over individual cosets. 




One can show that gcd(g J , d) = 1 and therefore the mapping 
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It is known that the number of cyclotomic cosets is equal to 



f\N 

where <fi{f) is the Euler totient (the number of positive integers which are relatively prime to 
/ and s = ord q f means that s is the smallest positive integer such that q s = 1 mod /.)[12| 
There are many instances where Nq << N but asymptotically, it does not make an expo- 
nential difference. However the difference can be significant. Take for example N = 358701. 
The number of 2-cyclotomic cosets is 546. One can clearly see that this has the potential for 
a large speed up for the task of evaluating weight enumerators. 



IV. A THEOREM ON THE EXACT EVALUATION OF THE WEIGHT 
ENUMERATOR VIA QUANTUM COMPUTATION FOR A CERTAIN CLASS OF 

CYCLIC CODES 

Earlier, we made mention of a theorem presented in 8] that gives a poly-logarithmic algo- 
rithm for the estimation of a Gauss sum. The algorithm is for an approximation of the angle 
7 in 

G Fqk ( X ,f3) = Vq*e i \ (10) 

up to an error e. This means that if 7 a is the actual angle then the quantum algorithm 
returns 7 such that |7„ — 7I < e. The smaller we wish to make e the more times we would 
have to run our quantum algorithm, i.e., if we want e accuracy we have to run the algorithm 
1/e times. How can we use this result to obtain the exact weight spectrum? Clearly the 
error would propagate when we attempted to find the range of S(t). This is dealt with in 



the paper 



3J but we give a brief review. 



Fortunately, there is a theorem which gives us some information about the weights of words 
in irreducible cyclic codes. 



Theorem 11 (McEliece [is]) All the weights of an [n,k] irreducible cyclic code are di- 
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visible by q n > k 1 , where 9 n ^ is given by 

O n ,k = — l — min S'(jn) (11) 

q — 1 0<j<ak s W 

(where S'(x) is the sum of the digits of x in base q) 

Being that the weights are integers, this theorem gives us a clue as to the distance between 
weights. What this means is that if we can make e small enough, we will be able to guarantee 



that the range of S 
the Gauss sum. In 



V) are the actual weights even though we are using an approximation of 
3[ it was shown that 



e < - 



4yV 

is sufficient. Further, it can be shown that for any fixed e < 1, there is a family of cyclic codes 
which conform to the necessary restrictions required to obtain the exact weight enumerator. 
There is a polynomial speed up in the dimension k and an exponential speed up in q over the 
best classical algorithms. See 0,[ll|,0] for details. For completeness we mention justification 
for this claim of algorithmic speed up. Note that in [ll|, they give an algorithm for computing 
the weight distribution of binary index 2 irreducible cyclic codes. The algorithm is efficient 
and is due to the fact that there is an efficient way of solving the Diophantine equation 
necessary for this case. As indicated in [l^], the weight distributions of irreducible cyclic 
codes are intimately related to Gauss sums (as these functions are related to the number of 
rational points on Hasse-Davenport curves). Thus, for the index 2 cases explored in jll| . 
they used a special form that Gauss sums take for this situation as well as information 
from the solution of the particular Diophantine equation. Now, index 2 refers to the fact 
that the dimension k of the code is equal to <fi(N)/2, where is the Euler totient function. 
Asymptotically it is well known that iV 1_<E < <f)(N) < N, and thus we essentially have 
k ~ N. This means that the situations that we are able to handle are computationally 
much more difficult to deal with than these situations and the quantum computers ability 
to approximate Gauss sums provides a very significant advantage. In fact, the assumption 
that the length of of the codes considered in this paper grow exponentially with k, makes 
it very unlikely that any approach devoid of computations of Zeta functions or Gauss sums 
will be sufficient. 
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We now give a formal definition for the class of codes for which this applies and a theorem 
that summarizes the results. 



Definition 12 Given a constant e < 1, ICQ e is the class of irreducible cyclic codes of 
dimension k and length n, such that 

ak s 

(where aeRis chosen so that n G N and where s£R determines the complexity and the 
instances of codes considered) and 

n ,k = — — r min S'(jn) (13) 

q — 1 0<j<ak s 

(where S'(x) is the sum of the digits of x in base q) so that 

6 ^ 77T- ( 14 ) 



ICQ e also includes the cyclic [n, n — k] dual codes and all equivalent codes jj^/. 

Theorem 13 A quantum computer can return the exact weight enumerator polynomial 
A(x,y) for codes in ICQ e . For each family ICQ e (e fixed), the overall running time is 
0(k 2s (\ogq) 2 ) and the success probability is at least 1 — 5, where 5 = [2((q h — l) 2 e — 2)] _1 . 

This theorem imposes a restriction on the fundamental relationship nN = q k — 1 in that we 
impose that asymptotically iV = 0(k s ). This essentially means that we consider codes for 
which the lengths of the codes grow exponentially. This is a good restriction for it makes 
brute force classical computation not feasible. We do not supply a proof for the theorem as 
it is essentially the same as the proof given in . We do however supply an overview of the 
algorithm for computing the weight enumerator of a code in ICQ e . The success probability 
comes from the fact that the evaluation does depend on a quantum algorithm and thus is 



ultimately probabilistic. See 



3, Q, Q 



for details. 
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A. Overview of the Algorithm to Obtain the Exact Weight Enumerator of a Code 

in ICQ, 

In 3j, a quantum algorithm for checking whether graphs are members of the family ICCC e 
is given where it essentially checks whether codes are members of ICQ e as defined in this 
paper. This quantum algorithm is exponentially faster than the best classical algorithm for 



it requires the computation of the discrete logarithm 15j. We do not present it here but 



instead just assume that we know that a code does indeed belong to ICQ e 



1. Let N = 0(k s ) where s is a constant integer that determines the complexity of the 
algorithm. Take C as our irreducible cyclic code of length n = 2^=1 and dimension k 
(or the dual code). 

2. Find the g-cyclotomic cosets of {0, 1, ... ,N — 1}. This step requires at most linear 
time in N. (See the next section) 

n 

3. Using the quantum algorithm for Gauss sums [8| we are be able to estimate the weights 



of the words. Use the Gauss sum algorithm to return the phases 71, ... , 7^-1 [Eq. tTTOjl ] 
and then input these values into the function S(l). According to the McEliece Formula 
(Th. [10]) we have to make d — 1 (where d = gcd(iV, ^fj-)) calls to the quantum oracle 
and we can use these evaluations for each representative i of the g-cyclotomic cosets 
of {0, 1, . . . , AT — 1}. This step has time complexity 0(dk 2 ()ogq) 2 ) |3j, |8|. 

4. Let bi,b 2 ,--- ) b^ c be the coset representatives from the N c cosets. Now each coset 
has cardinality u i5 i.e., 6j belongs to coset % which has elements. We evaluate Ui = 
S(bi) for each 6j, remembering that each Ui occurs Vi times. We end up with a list 
(u>i, u>2, ■ ■ ■ , ojn c ) as well as a list (v±, V2, ■ ■ ■ , vn c ) of multiplicities. This step will have 
an 0((d — 1) • N c ) time cost. 

5. Now perform a tally of repeats of the uji for each i 6 {1, Nc}- This returns a 
set of indices Aj = {ji} C {1, Nc}- We add the corresponding v,j t which yields 
a i = SjeAi v ji ^ e numrj er of words of weight oji up to cyclic permutations. To account 
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for cyclic permutations due to the fact that we are working over cyclic codes, we have 
Ai = nOj, which is the desired weight spectrum. The tally will have an 0(\/Nc) time 



cost using Grover's quantum search algorithm 
overall complexity.) 



181 ] . (This will have no affect on the 



6. Combining the previous steps, we now have determined the weight spectrum Ai in 
time 0(k 2s (log q) 2 ) (by modestly taking Nq = 0(k s ), i.e., essentially ignoring the 
contribution of the cyclotomic cosets). This means that we have the coefficients for 
A(x, y) as well as the exponents and thus, are done. 



V. A CLASSICAL ALGORITHM FOR THE COMPUTATION OF COSET 

LEADERS AND COSET SIZE 

The algorithm for the calculation of the cyclotomic cosets themselves is quite simple; it is 
essentially a sieve method of the kind commonly used in number theoretic algorithms such 
as those for prime factorization. 



CosetLeaders (N, p) 

Array A (size N), initialize to unmarked 
for % = to iV - 1 do 

if — unmarked do 

output "New coset leader = z" 
a <— i, s <— 

while A a = unmarked do 
mark A a 
increment s 
a <— a x p (mod N) 

end while 

output "Coset size = s" 
end if 
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end for 

end COSETLEADERS 

The outer loop scans for coset leaders, which here are unmarked numbers of the form ap°, 
while the inner loop sieves out other coset members i.e. ap k for k = 1 to s — 1, where s is the 
size of a particular coset. Since, as explained in section II, the cosets partition 1 to iV — 1, 
and s is the smallest integer such that a{p s — 1) = (mod N), on termination the inner loop 
has returned to the original coset leader ap° after marking every other member. 

While the algorithm features nested loops, its running time is linear in N, since the inner 
loop is activated only once per coset, and the number of iterations for a particular coset are 
equal to the size of that coset. In fact, it is easy to see that every element in A is read only 
twice (once in an unmarked state, and once in a marked state) and of course marked only 
once (as well as unmarked once, during initialization). It should be noted that while the 
algorithm is soft-O(N), in terms of general complexity it is not polynomial with respect to 
the input size, but only pseudo-polynomial, since N and p are given as (presumably) binary 
numbers. This is of course the best that can be done for enumeration problems of this sort, 
which have very succinct inputs consisting of only 1 or 2 numbers but outputs that consist of 
relatively long lists (the number of cosets can approach y, as in the example given in section 
II). As well, like other sieve algorithms, the storage requirements can be a bit onerous for 
large N, but this can be helped a bit by doing things such as implementing A as a bit-array. 
Such optimizations make the problem feasible for N up to several billion on one of today's 
ordinary household computers. 
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